TechLetters #87 UK decreases data protection; Belgium attempts to fire its data protection authority boss; Russia rejects findings of Microsoft concerning cyberwar on Ukraine, retaliates?
Security
Russian election body "predicts" "increase of cyberattacks" in the next elections in Russia. These will be held using "remote/online electronic voting". Deployment of this technology means that someone had to be aware of such risks. So little point in complaining. Deployment meant invitation, so…
Belgium accuses Chinese groups of cyberattacks. On the state, government, e.g. defence structures. Call to China to react. According to the Belgian government, state sovereignty has been violated by these cyberattacks.
Russia rejects Microsoft's findings on Russia's cyberwar vs Ukraine. They (Ministry of Foreign Affairs) accuse Microsoft of "Russophobia", claim that the MS is "operating under the orders of the Pentagon and intelligence services". And that they (MS/US) "took control" of the Ukrainian infrastructure. Russian MFA calls cyberattack attribution a "political attribution promoted by the West - the determination of a convenient culprit through the manipulation and falsification of data, without technical or legal checks". Some Soviet-era joke time: "Russians are struck by the Russophobia that meets them wherever they send their tanks".
NGOs/private sector out from United Nations. United Nations continues the Open Ended Working Group to tackle information security/cybersecurity, norms, and so on. Some time ago it was decided to let NGOs/private sector to get involved in those talks. Now surprise! But this year quite a lot of non-government stakeholders, and some big firms, were rejected from participation. That includes Microsoft. And Kaspersky. They are of course not happy. In previous years Russia complained on the “too big” involvement of non-government stakeholders.
OEWG draft report. 0th version is already out. It seems that there is basically nothing of interest inside. Looks like no actual progress has been made. But, of course, a report needs to be made. So it is made.
Privacy
New UK data protection. Reformed to “exit” from GDPR/ePrivacy regime. It has some good additions. for example:
clarified what/when "person is identifiable" (so: when processing falls into data protection regime), it is explained. This is interesting, and will be welcome by business due to stability.
Cookie consent is relaxed, with a very practical outcome... This change is a very tricky territory (and risky), but one use case may see it as a positive change: no consent asked in many cases, which may support privacy-preserving ad infrastructures like Privacy Sandbox (where no consent would be needed?). In other cases, that may be some protection decrease…
Consent for "research" is relaxed. Now the purpose of data collection/processing does not need to be known or clarified to the user. This will make many research efforts easier and maybe allow work on more topics. Also, might facilitate some abuses.
Also, bad stuff:
In many places "Secretary of State" (so: a political decision by a minister!) may “dynamically tune" the rules, on the fly. In theory this makes this regulation flexible. Alternative interpretation: contains loopholes/backdoors and lack of clarity, which is bad. Manual steering of laws by politicians?
Automatic consent mechanisms will be allowed and legalised. Such signals must be honored. This is good. However, there’s a big “IF”: if politicians formally approve them... W3C Do Not Track may return? Or more like IAB consent?
Belgium purges from the office the head of data protection authority. Boring? This is a precedent now. Politicians voted for this. It is a very delicate matter, as the GDPR mandates that bosses of such structures be independent. And basically unremovable unless due to egregious behaviour. “member or members of each supervisory authority shall, in the performance of their tasks and exercise of their powers in accordance with this Regulation, remain free from external influence, whether direct or indirect”. The fight is not over?
Technology Policy
Other
In case you feel it's worth it to forward this content further:
If you’d like to share: